Exemplo n.º 1
0
 def logout(self, request, **kw):
     """ Log a user out of the ID server
     """
     # sanitize value (since this will be echoed back)
     if not self.is_internal(request):
         raise HTTPForbidden()
     logger.debug('Logging out.')
     (content_type, template) = self.get_template_from_request(request,
                                                 html_template = 'login')
     uid = self.get_uid(request)
     if uid is None:
             body = template.render(error =
                                     self.error_codes.get('LOGIN_ERROR'),
                                     config = self.app.config,
                                     request = request)
     else:
         # This is potentially dangerous, check that this is at least
         # semi-legit
         if not self.check_signature(uid, request):
             raise HTTPBadRequest()
     body = template.render(response = True,
                            request = request,
                            config = self.app.config)
     response = Response(str(body), content_type = content_type)
     return response
Exemplo n.º 2
0
 def send_validate_email(self, uid, email, nosend = False, **kw):
     """ Send an email containing the validation token URL to the
         newly registered email, and add the email to the list of
         unvalidated emails.
     """
     #first, generate a token:
     user = self.app.storage.get_user_info(uid)
     if user is None:
         return False
     mailserv_name = self.app.config.get('oid.mail_server',
                                               'localhost')
     reply_to = self.app.config.get('oid.reply_to',
                                    'no-reply@' + mailserv_name)
     #store the unverified email
     unv_emails = user.get('unv_emails', {})
     if (email not in unv_emails):
         rtoken = self.app.storage.add_validation(uid, email)
     else:
         rtoken = self.app.storage.get_validation_token(uid, email)
     # format the email and send it on it's merry way.
     template = get_template('validate_email_body')
     verify_url = (self.app.config.get('oid.validate_host',
                                      'http://localhost') +
                                     '/%s/validate/%s' % (VERSION, rtoken))
     body = template.render(from_addr =
                             self.app.config.get('oid.from_address',
                                                 reply_to),
                            to_addr = email,
                            reply_to = reply_to,
                            verify_url = verify_url)
     if (not nosend and not self.app.config.get('test.nomail', False)):
         #for testing, we don't send out the email. (Presume that works.)
         logger.debug('sending validation email to %s' % email)
         server = smtplib.SMTP(mailserv_name)
         server.sendmail(reply_to,
                         email,
                         body)
         server.quit()
     return True
Exemplo n.º 3
0
    def login(self, request, extra = {}, **kw):
        """ Log a user into the ID server
        """
        response = {}
        error = {}
        uid = None
        email = None
        storage = self.app.storage

        if not self.is_internal(request):
            raise HTTPForbidden()
        (content_type, template) = self.get_template_from_request(request,
                                                    html_template = 'login')
        # User is not logged in or the association is not present.
        if (len(request.POST.get('id', '')) and
            len(request.POST.get('password', ''))):
            email = request.POST['id']
            password = request.POST['password']
            try:
                username = extract_username(email)
            except UnicodeError:
                # Log the invalid username for diagnostics ()
                logger.warn('Invalid username specified: %s (%s) '
                            % (email, username))
                raise HTTPBadRequest()
            # user normalization complete, check to see if we know this
            # person
            uid = self.app.auth.backend.authenticate_user(username,
                                                          password)
            if uid is None:
                error = self.error_codes.get('LOGIN_ERROR')
                logger.debug('Login failed for %s ' % email)
                body = template.render(error = error,
                                       response = response,
                                       extra = extra,
                                       request = request,
                                       config = self.app.config)
                response = Response(str(body), content_type = content_type)
                logger.debug('Nuking session cookie')
                response.delete_cookie('beaker.session.uid')
                try:
                    del request.environ['beaker.session']['uid']
                except KeyError:
                    pass
                return response
            logger.debug('setting uid to %s' % uid)
            request.environ['beaker.session']['uid'] = uid

            # if this is an email validation, skip to that.
            if 'validate' in request.params:
                return self.validate(request)
        # Attempt to get the uid.
        if not email:
            email = request.params.get('id', None)
        if uid is None:
            logger.debug('attempting to get uid')
            uid = self.get_uid(request, strict = False)
            if uid is None:
                logger.debug('no uid present')
                # Presume that this is the first time in.
                # Display the login page for HTML only
                body = template.render(error = error,
                                        response = response,
                                        config = self.app.config,
                                        extra = extra,
                                        request = request)
                response = Response(str(body), content_type = content_type)
                response.delete_cookie('beaker.session.uid')
                return response
        # Ok, got a UID, so let's get the user info
        user = storage.get_user_info(uid)
        if user is None:
            user = storage.create_user(uid, email)
        if email:
            if email not in user.get('emails', []):
                self.send_validate_email(uid, email)
            if (len(request.params.get('audience', ''))):
                return self.registered_emails(request)
            location = "%s/%s" % (self.app.config.get('oid.login_host',
                                                          'localhost'),
                 quote(email))
        else:
            del (request.environ['beaker.session']['uid'])
            location = "%s/%s/login" % (self.app.config.get('oid.login_host',
                                                            'localhost'),
                                        VERSION)
        logger.debug('Sending user to admin page %s' % location)
        raise HTTPFound(location = location)